EP2160690A2 - Method and system for sharing contents with removable storage - Google Patents

Method and system for sharing contents with removable storage

Info

Publication number
EP2160690A2
Authority
EP
European Patent Office
Prior art keywords
contents
key
external memory
encrypted
domain key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP08766514A
Other languages
German (de)
French (fr)
Inventor
Jae-Seok Jang
Seog-Cheon Jeon
Hyung-Sik Kim
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
KT Corp
Original Assignee
KT Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by KT Corp

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00: Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00: Digital computers in general; Data processing equipment in general
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • the present invention relates to a contents sharing method and system using an external memory. Particularly, the present invention relates to a method and system for using a single piece of contents by a plurality of devices by using an external memory.
  • DRM: digital rights management
  • the DRM method is a scheme for encrypting paid digital contents by using a predefined private key or a proper number of a device as an encryption key so that a user having received the paid digital contents may not distribute them illegally.
  • the encrypted digital contents is used by one device having a proper number used as an encryption key, and is used for a predetermined number of times or for a predetermined period.
  • various devices having wired/wireless terminals that have been manufactured recently include various additional functions such as a photographing function, a music reproducing function, and an image reproducing function. Further, needs of sharing the contents including photos, video, and songs caused by the additional functions with another device have increased.
  • Attachable memories, so-called external memories, for sharing and exchanging various contents have been used, and various devices respectively have a slot for inserting an external memory.
  • the contents that are encrypted by the DRM method cannot be used by another device even though they are shared by using an external memory, and hence, a plurality of files encrypted by respective encryption keys for the contents to be used for a plurality of devices are to be stored in the external memory so that resources of the external memory are unnecessarily wasted and the meaning of sharing disappears.
  • the present invention has been made in an effort to provide a method and system for a plurality of devices to share a piece of contents encrypted by the DRM method by using an external memory.
  • An exemplary embodiment of the present invention provides a method for performing encrypted contents of an inserted external memory by a device including: (a) checking a public key of the device, the public key being a proper number allocated to the device; (b) extracting a device domain key corresponding to the public key from at least one device domain key stored in the external memory, the device domain key being a contents identifier encrypted by the public key; (c) decoding the device domain key extracted in (b) by using the public key; and (d) decoding the contents stored in the external memory and performing the same by using the decoded device domain key.
  • Another embodiment of the present invention provides a method for transmitting encrypted contents from a wired/wireless terminal to an external memory including: (a) receiving a device list for performing the encrypted contents, and public keys for the respective devices included in the device list, the public keys being proper numbers allocated to the devices; (b) encrypting a domain key used as a contents identifier by using the public key to generate at least one device domain key; and (c) transmitting the at least one device domain key to the external memory.
  • Yet another embodiment of the present invention provides a contents sharing system in a system for supporting sharing of encrypted contents using an external memory, the system including a contents server for storing and managing the encrypted contents; an authentication managing server for managing a right object (RO) including a contents encryption key used for encrypting the contents; a device managing server managing a list of devices sharing the encrypted contents; and a public key managing server for authenticating the devices, and managing a public key used for extracting the contents encryption key from the RO.
  • RO: right object
  • an external memory for providing encrypted contents to at least one device includes: a contents storing module for storing encrypted contents; a right object (RO) storing module for storing RO including a contents encryption key for decoding the encrypted contents; and a domain key storing module for storing at least one device domain key used for extracting the contents encryption key from the RO.
  • FIG. 1 shows a configuration of a contents sharing system using an external memory according to an exemplary embodiment of the present invention.
  • FIG. 2 shows an inner configuration of an external memory according to an exemplary embodiment of the present invention.
  • FIG. 3 shows an inner configuration of an external memory realized as a directory and folder type.
  • FIG. 4 shows a flowchart of a method for a wired/wireless terminal to transmit contents to an external memory according to an exemplary embodiment of the present invention.
  • FIG. 5 shows a flowchart of a method for executing the contents stored in an external memory of a device according to an exemplary embodiment of the present invention.
  • a module represents a unit for processing a predetermined function or an operation, and is realized by hardware, software or combination of hardware and software.
  • FIG. 1 shows a configuration of a contents sharing system using an external memory according to an exemplary embodiment of the present invention.
  • the contents sharing system includes an external memory 100, wired/wireless terminals 110 and 112, a wired/wireless Internet 130, and a DRM managing system 140.
  • the contents sharing system further includes a mobile communication network 120 for connecting the wireless terminal 112 and the wired/wireless Internet 130.
  • the external memory 100 stores a plurality of contents and DRM information for the corresponding contents.
  • the DRM information includes a device list provided by the DRM managing system 140 and a domain key encrypted by a device public key.
  • the device public key is a product proper number allocated to a device.
  • the domain key is a digital signature and identifies respective contents.
  • the domain key is supported to extract a contents encryption key for decoding contents from authentication information (also referred to as right object (RO)) provided by the DRM managing system 140. Accordingly, a single piece of contents has a common domain key.
  • the configuration of the external memory 100 will be described with reference to FIG. 2.
  • the wired/wireless terminals 110 and 112 are classified as a wired terminal 110 directly connected to the wired/wireless Internet 130 and a wireless terminal 112 connected to the wired/wireless Internet 130 through the mobile communication network 120.
  • the wired terminal 110 includes a personal computer, a cable telephone, and a set-top box that are accessible to the wired/wireless Internet 130 through a cable.
  • the wireless terminal 112 includes a mobile terminal, a laptop computer, a PDA, and a PMP that include a communication module to access the wired/wireless Internet 130 through the mobile communication network 120 or directly access the wired/wireless Internet 130.
  • the wired/wireless terminals 110 and 112 have an external memory slot for inserting the external memory 100, encrypt the domain key transmitted by the DRM managing system 140 into a public key, transmit the public key to the external memory 100, encrypt the contents provided by the contents server 142, and store the encrypted contents in the external memory 100.
  • the wired/wireless Internet 130 connects the wired terminal 110 and the wireless terminal 112 connected through the mobile communication network 120 with the DRM managing system 140.
  • the DRM managing system 140 manages registration information on the device for using the contents, transmits registered device information to the wired/wireless terminals 110 and 112, and authenticates the user, thereby providing various kinds of information for the contents sharing service.
  • the DRM managing system 140 includes a contents server 142, an authentication managing server 144, a device managing server 146, and a public key managing server 148.
  • the contents server 142 stores and manages the contents that are transmitted to the wired/wireless terminals 110 and 112 through the wired/wireless Internet 130. Also, the contents server 142 encrypts the contents transmitted to the wired/wireless terminals 110 and 112 through the wired/wireless Internet 130 so as to manage the rights of the contents. In this instance, a contents encryption key (CEK) is used to encrypt the contents.
  • CEK: contents encryption key
  • the contents server 142 can be managed by an additional contents service provider, and the contents server 142 can be provided to a place other than that of the DRM managing system 140.
  • the authentication managing server 144 manages a right object (RO) including the CEK used for contents encryption.
  • the device managing server 146 manages information on the registered device. That is, the device managing server 146 stores and manages a list of devices and types of devices in order to use the contents stored in the external memory 100.
  • the contents according to the exemplary embodiment of the present invention can be shared by a plurality of devices, and can also be shared by predetermined groups (e.g., company, post, and school department).
  • the device managing server 146 stores and manages user information corresponding to the respective groups or information on the wired/wireless terminal.
  • the public key managing server 148 is connected to the device managing server 146, authenticates the user, wired/wireless terminal, or the device having requested to provide contents, and manages and provides a public key of the registered device.
  • the public key managing server 148 can be connected to the manufacturer of the device.
  • an additional input/output unit can be configured to be connected to the device managing server 146 and the public key managing server 148 so that device information, group information, and the public key stored in the device managing server 146 and the public key managing server 148 may be edited and corrected through the input/output unit.
  • the contents server 142, the authentication managing server 144, the device managing server 146, and the public key managing server 148 can be realized as individual hardwired devices, or can be realized to be divided according to their functions in a single hardwired device.
  • FIG. 2 shows a block diagram of an inner configuration of an external memory according to an exemplary embodiment of the present invention.
  • the external memory 100 includes a contents storing module 210 for storing contents, and a DRM storing module 220 for storing encryption and decoding data.
  • the contents storing module 210 stores encrypted contents provided by the contents server 142 through the wired/wireless Internet 130.
  • the DRM storing module 220 stores data for decoding the encrypted contents, and includes an RO storing module 222 and a domain key storing module 224.
  • the RO storing module 222 stores an RO including a CEK for decoding the encrypted contents.
  • the CEK included in the RO is decoded by using a domain key, and for this purpose, the RO storing module 222 receives a domain key on the device for operating the contents from the domain key storing module 224.
  • the domain key storing module 224 stores a domain key for each device. That is, when the wired/wireless terminals 110 and 112 encrypt the domain key by using the public keys of the respective devices registered in the DRM managing system 140, the encrypted domain key is stored in the domain key storing module 224 of the external memory 100.
  • the domain key storing module 224 of the external memory 100 includes N device domain key storing modules from the first device domain key storing module 2242 to the N-th device domain key storing module 2246.
  • the external memory 100 can be realized by hardware and software.
  • the contents storing module 210, the DRM storing module 220, the RO storing module 220, and the device domain key storing modules (2242 to 2246) can be realized in the folder type with the directory structure.
  • FIG. 3 shows an inner configuration of an external memory realized in the directory and the folder type.
  • FIG. 4 shows a flowchart of a method for a wired/wireless terminal to transmit contents to an external memory according to an exemplary embodiment of the present invention.
  • Before the wired/wireless terminals 110 and 112 in the contents sharing system transmit the contents provided by the DRM managing system 140 to the external memory 100, the user must register a device list for desired contents to the DRM managing system 140. In this instance, when the device list is registered to the DRM managing system 140, public keys allocated to the respective devices are also input. The registered device list is transmitted to the device managing server
  • the input contents transmission request is transmitted to the DRM managing system 140 through the wired/wireless Internet 130.
  • the wired/wireless terminals 110 and 112 are connected to the DRM managing system 140 (S430).
  • the wired/wireless terminals 110 and 112 connected to the DRM managing system 140 receive the registered device list and the public keys of the respective devices from the device managing server 146 of the DRM managing system 140 (S440).
  • the wired/wireless terminals 110 and 112 encrypt the domain keys of the registered devices by using respective public keys (S450), and transmit the encrypted domain keys to the external memory 100.
  • the encrypted domain keys transmitted to the external memory 100 are stored in the domain key storing module 224 (S460).
  • the wired/wireless terminals 110 and 112 receive the contents from the contents server 142 of the DRM managing system 140.
  • the contents transmitted by the contents server 142 are encrypted by the CEK.
  • the wired/wireless terminals 110 and 112 receive an RO for decoding the encrypted contents from the authentication managing server 144 of the DRM managing system 140, transmit the received contents and the RO to the external memory 100, and store the same therein.
  • the contents transmitted to the external memory 100 are stored in the contents storing module 210, and the RO is stored in the RO storing module 222 (S470).
  • the receiving of the contents and the RO according to S470 can be performed simultaneously with S440.
  • the wired/wireless terminals 110 and 120 transmit the encrypted contents and the decoding data on the encrypted contents to the external memory 100.
  • FIG. 5 shows a flowchart of a method for executing the contents stored in an external memory of a device according to an exemplary embodiment of the present invention.
  • the external memory 100 storing the contents and the decoding data can be inserted into various devices.
  • the device 100 checks the public key of the device 100 (S520). When the public key is checked, the device 100 checks the device domain key storing module that corresponds to the domain key storing module 224 from the domain key storing module 224 of the external memory 100, and extracts the domain key stored in the checked device domain key storing module. The device 100 decodes the extracted domain key by using the public key checked in S520.
  • the external memory 100 extracts the private key that corresponds to the public key, and decodes the domain key by using the extracted private key (S530).
  • the device calls an RO from the RO storing module 222.
  • the device extracts a CEK from the RO (S540) by using the domain key decoded through S530, and decodes the contents by using the extracted CEK.
  • the decoded contents are reproduced by the corresponding device.
  • the method for executing a single piece of contents stored in the external memory by a plurality of devices has been described, and it is also possible to share the contents stored in the external memory or a shared storage medium among members of a predetermined specific group.
  • a method for performing the encryption and decoding method by using a proper number allocated to each member may be used, rather than the method for performing the encryption and decoding method by using the public key. It is also possible to add a process of receiving a proper number from the user when performing the encryption and decoding method using the proper number allocated to the member.
  • a single piece of contents stored in the external memory is reproducible by a plurality of devices to thus solve the conventional problem in which a contents user must repeatedly pay in order to perform a single piece of contents in a plurality of devices.
  • the same contents that are encrypted by respective encryption keys are stored in a plurality of external memories to thereby solve the existing problem of wasting the resources of the external memory and to efficiently use the external memory resources.
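The key chain in the FIG. 4 and FIG. 5 flows above (the device key unwraps the device domain key, the domain key unwraps the CEK in the RO, the CEK decrypts the contents), as an added Python example that is not code from the patent. Because the text uses the same per-device value both to encrypt and to decode the device domain key, the example assumes a symmetric per-device secret; `seal`/`unseal` are a standard-library encrypt-then-MAC stand-in for a real key-wrap or AEAD primitive, and all function names, the dictionary layout and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in cipher, not a production one."""
    blocks = []
    for counter in range((length + 31) // 32):
        msg = b"enc" + nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a modified blob raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def provision_memory(content: bytes, device_keys: dict) -> dict:
    """Terminal side (S440 to S470), with the server roles folded into one call.

    Assumption: in the patent the contents server encrypts the contents and the
    authentication managing server issues the RO; both are generated here.
    """
    cek = secrets.token_bytes(32)         # contents encryption key
    domain_key = secrets.token_bytes(32)  # one domain key per piece of contents
    return {
        "contents": seal(cek, content),   # contents storing module 210
        "ro": seal(domain_key, cek),      # RO storing module 222
        "domain_keys": {                  # domain key storing module 224
            device_id: seal(device_key, domain_key)
            for device_id, device_key in device_keys.items()
        },
    }


def play(memory: dict, device_id: str, device_key: bytes) -> bytes:
    """Device side (S520 to S540): find own entry, unwrap, then decrypt."""
    entry = memory["domain_keys"].get(device_id)
    if entry is None:
        raise PermissionError("device is not in the registered device list")
    domain_key = unseal(device_key, entry)
    cek = unseal(domain_key, memory["ro"])
    return unseal(cek, memory["contents"])


def demo() -> dict:
    """Constructed sample: two registered devices share one encrypted copy."""
    keys = {"phone": secrets.token_bytes(32), "pmp": secrets.token_bytes(32)}
    memory = provision_memory(b"constructed sample track", keys)
    return {
        "phone": play(memory, "phone", keys["phone"]),
        "pmp": play(memory, "pmp", keys["pmp"]),
        "entry_sizes": [len(v) for v in memory["domain_keys"].values()],
    }


if __name__ == "__main__":
    print(demo())
```

Registering another device adds one 80-byte wrapped domain key to the memory rather than a second encrypted copy of the contents, which is the storage saving the text claims.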

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Power Engineering (AREA)
  • Mathematical Physics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a contents sharing method and system using an external memory. A method for transmitting encrypted contents to an external memory includes receiving a device list and public keys for devices, encrypting a domain key by using a public key to generate at least one device domain key, and transmitting the device domain key to the external memory. The method for performing encrypted contents further includes checking a public key of a device, extracting a device domain key corresponding to the checked public key from at least one device domain key stored in an external memory, decoding the extracted device domain key, decoding the encrypted contents by using the decoded device domain key, and performing the decoded contents. According to the present invention, since a single piece of contents stored in an external memory is reproducible by a plurality of devices, the existing problem of repeatedly settling the single piece of contents is solved and external memory resources are efficiently used.

Description

[SPECIFICATION]
[Invention Title]
METHOD AND SYSTEM FOR SHARING CONTENTS WITH REMOVABLE STORAGE
[Technical Field]
The present invention relates to a contents sharing method and system using an external memory. Particularly, the present invention relates to a method and system for using a single piece of contents by a plurality of devices by using an external memory.
[Background Art]
As the Internet has been developed, the digital contents industry has also been greatly developed because the digital contents have been activated by means of the Internet. However, side effects have also been substantially generated because of it, for example, illegal reproduction or disallowed distribution of digital contents.
In order to eradicate the illegal reproduction and disallowed distribution, the digital rights management (DRM) method has been used.
The DRM method is a scheme for encrypting paid digital contents by using a predefined private key or a proper number of a device as an encryption key so that a user having received the paid digital contents may not distribute them illegally. The encrypted digital contents is used by one device having a proper number used as an encryption key, and is used for a predetermined number of times or for a predetermined period.
In addition, various devices having wired/wireless terminals that have been manufactured recently include various additional functions such as a photographing function, a music reproducing function, and an image reproducing function. Further, needs of sharing the contents including photos, video, and songs caused by the additional functions with another device have increased.
Attachable memories, so-called external memories, for sharing and exchanging various contents have been used, and various devices respectively have a slot for inserting an external memory. However, the contents that are encrypted by the DRM method cannot be used by another device even though they are shared by using an external memory, and hence, a plurality of files encrypted by respective encryption keys for the contents to be used for a plurality of devices are to be stored in the external memory so that resources of the external memory are unnecessarily wasted and the meaning of sharing disappears.
The above information disclosed in this Background section is only for enhancement of understanding of the background of the invention and therefore it may contain information that does not form the prior art that is already known in this country to a person of ordinary skill in the art.
[DETAILED DESCRIPTION]
[Technical Problem]
The present invention has been made in an effort to provide a method and system for a plurality of devices to share a piece of contents encrypted by the DRM method by using an external memory.
[Technical Solution]
An exemplary embodiment of the present invention provides a method for performing encrypted contents of an inserted external memory by a device including: (a) checking a public key of the device, the public key being a proper number allocated to the device; (b) extracting a device domain key corresponding to the public key from at least one device domain key stored in the external memory, the device domain key being a contents identifier encrypted by the public key; (c) decoding the device domain key extracted in (b) by using the public key; and (d) decoding the contents stored in the external memory and performing the same by using the decoded device domain key.
Another embodiment of the present invention provides a method for transmitting encrypted contents from a wired/wireless terminal to an external memory including: (a) receiving a device list for performing the encrypted contents, and public keys for the respective devices included in the device list, the public keys being proper numbers allocated to the devices; (b) encrypting a domain key used as a contents identifier by using the public key to generate at least one device domain key; and (c) transmitting the at least one device domain key to the external memory.
Yet another embodiment of the present invention provides a contents sharing system in a system for supporting sharing of encrypted contents using an external memory, the system including a contents server for storing and managing the encrypted contents; an authentication managing server for managing a right object (RO) including a contents encryption key used for encrypting the contents; a device managing server managing a list of devices sharing the encrypted contents; and a public key managing server for authenticating the devices, and managing a public key used for extracting the contents encryption key from the RO.
According to an embodiment of the present invention, an external memory for providing encrypted contents to at least one device includes: a contents storing module for storing encrypted contents; a right object (RO) storing module for storing RO including a contents encryption key for decoding the encrypted contents; and a domain key storing module for storing at least one device domain key used for extracting the contents encryption key from the RO.
[Brief Description of the Drawings]
FIG. 1 shows a configuration of a contents sharing system using an external memory according to an exemplary embodiment of the present invention.
FIG. 2 shows an inner configuration of an external memory according to an exemplary embodiment of the present invention.
FIG. 3 shows an inner configuration of an external memory realized as a directory and folder type.
FIG. 4 shows a flowchart of a method for a wired/wireless terminal to transmit contents to an external memory according to an exemplary embodiment of the present invention.
FIG. 5 shows a flowchart of a method for executing the contents stored in an external memory of a device according to an exemplary embodiment of the present invention.
[Best Mode]
In the following detailed description, only certain exemplary embodiments of the present invention have been shown and described, simply by way of illustration. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. Accordingly, the drawings and description are to be regarded as illustrative in nature and not restrictive. Like reference numerals designate like elements throughout the specification.
In addition, unless explicitly described to the contrary, the word "comprise" and variations such as "comprises" or "comprising" will be understood to imply the inclusion of stated elements but not the exclusion of any other elements.
In the specification, a module represents a unit for processing a predetermined function or an operation, and is realized by hardware, software, or a combination of hardware and software.
FIG. 1 shows a configuration of a contents sharing system using an external memory according to an exemplary embodiment of the present invention.
The contents sharing system includes an external memory 100, wired/wireless terminals 110 and 112, a wired/wireless Internet 130, and a DRM managing system 140. The contents sharing system further includes a mobile communication network 120 for connecting the wireless terminal 112 and the wired/wireless Internet 130.
The external memory 100 stores a plurality of contents and DRM information for the corresponding contents. Here, the DRM information includes a device list provided by the DRM managing system 140 and a domain key encrypted by a device public key.
Here, the device public key is a product proper number allocated to a device, and the domain key is a digital signature and identifies respective contents. Also, the domain key is supported to extract a contents encryption key for decoding contents from authentication information (also referred to as right object (RO)) provided by the DRM managing system 140. Accordingly, a single piece of contents has a common domain key.
The configuration of the external memory 100 will be described with reference to FIG. 2.
The wired/wireless terminals 110 and 112 are classified as a wired terminal 110 directly connected to the wired/wireless Internet 130 and a wireless terminal 112 connected to the wired/wireless Internet 130 through the mobile communication network 120. The wired terminal 110 includes a personal computer, a cable telephone, and a set-top box that are accessible to the wired/wireless Internet 130 through a cable, and the wireless terminal 112 includes a mobile terminal, a laptop computer, a PDA, and a PMP that include a communication module to access the wired/wireless Internet 130 through the mobile communication network 120 or directly access the wired/wireless Internet 130.
The wired/wireless terminals 110 and 112 have an external memory slot for inserting the external memory 100, encrypt the domain key transmitted by the DRM managing system 140 by using a public key, transmit the encrypted domain key to the external memory 100, encrypt the contents provided by the contents server 142, and store the encrypted contents in the external memory 100.
The wired/wireless Internet 130 connects the wired terminal 110 and the wireless terminal 112 connected through the mobile communication network 120 with the DRM managing system 140.
The DRM managing system 140 manages registration information on the device for using the contents, transmits registered device information to the wired/wireless terminals 110 and 112, and authenticates the user, thereby providing various kinds of information for the contents sharing service. For this purpose, the DRM managing system 140 includes a contents server 142, an authentication managing server 144, a device managing server 146, and a public key managing server 148.
The contents server 142 stores and manages the contents that are transmitted to the wired/wireless terminals 110 and 112 through the wired/wireless Internet 130. Also, the contents server 142 encrypts the contents transmitted to the wired/wireless terminals 110 and 112 through the wired/wireless Internet 130 so as to manage the rights of the contents. In this instance, a contents encryption key (CEK) is used to encrypt the contents.
Here, the contents server 142 can be managed by an additional contents service provider, and the contents server 142 can be provided to a place other than that of the DRM managing system 140.
The authentication managing server 144 manages a right object (RO) including the CEK used for contents encryption.
The device managing server 146 manages information on the registered device. That is, the device managing server 146 stores and manages a list of devices and types of devices in order to use the contents stored in the external memory 100.
Also, the contents according to the exemplary embodiment of the present invention can be shared by a plurality of devices, and can also be shared by predetermined groups (e.g., company, post, and school department). When the contents are shared by the groups, the device managing server 146 stores and manages user information corresponding to the respective groups or information on the wired/wireless terminal.
The public key managing server 148 is connected to the device managing server 146, authenticates the user, wired/wireless terminal, or the device having requested to provide contents, and manages and provides a public key of the registered device. For this purpose, the public key managing server 148 can be connected to the manufacturer of the device.
Here, an additional input/output unit can be configured to be connected to the device managing server 146 and the public key managing server 148 so that device information, group information, and the public key stored in the device managing server 146 and the public key managing server 148 may be edited and corrected through the input/output unit.
Here, the contents server 142, the authentication managing server 144, the device managing server 146, and the public key managing server 148 can be realized as individual hardwired devices, or can be realized to be divided according to their functions in a single hardwired device.
FIG. 2 shows a block diagram of an inner configuration of an external memory according to an exemplary embodiment of the present invention.
The external memory 100 includes a contents storing module 210 for storing contents, and a DRM storing module 220 for storing encryption and decoding data.
The contents storing module 210 stores encrypted contents provided by the contents server 142 through the wired/wireless Internet 130.
The DRM storing module 220 stores data for decoding the encrypted contents, and includes an RO storing module 222 and a domain key storing module 224.
The RO storing module 222 stores an RO including a CEK for decoding the encrypted contents. Here, the CEK included in the RO is decoded by using a domain key, and for this purpose, the RO storing module 222 receives a domain key on the device for operating the contents from the domain key storing module 224.
The domain key storing module 224 stores a domain key for each device. That is, when the wired/wireless terminals 110 and 112 encrypt the domain key by using the public keys of the respective devices registered in the DRM managing system 140, the encrypted domain key is stored in the domain key storing module 224 of the external memory 100.
In a contents sharing system having N registered devices, the domain key storing module 224 of the external memory 100 includes N device domain key storing modules from the first device domain key storing module 2242 to the N-th device domain key storing module 2246.
The external memory 100 can be realized by hardware and software. In the case of realization by software, the contents storing module 210, the DRM storing module 220, the RO storing module 222, and the device domain key storing modules (2242 to 2246) can be realized in the folder type with the directory structure.
FIG. 3 shows an inner configuration of an external memory realized in the directory and the folder type.
FIG. 4 shows a flowchart of a method for a wired/wireless terminal to transmit contents to an external memory according to an exemplary embodiment of the present invention.
Before the wired/wireless terminals 110 and 112 in the contents sharing system transmit the contents provided by the DRM managing system 140 to the external memory 100, the user must register a device list for desired contents to the DRM managing system 140. In this instance, when the device list is registered to the DRM managing system 140, public keys allocated to the respective devices are also input. The registered device list is transmitted to the device managing server 146 and is then stored, and the input public keys are stored in the public key managing server 148 (S410).
When the device list and the public keys of the devices are stored in the DRM managing system 140 and a contents transmission request for using contents from the user is input to the wired/wireless terminals 110 and 112 (S420), the input contents transmission request is transmitted to the DRM managing system 140 through the wired/wireless Internet 130. Through the above-noted process, the wired/wireless terminals 110 and 112 are connected to the DRM managing system 140 (S430).
The wired/wireless terminals 110 and 112 connected to the DRM managing system 140 receive the registered device list and the public keys of the respective devices from the device managing server 146 of the DRM managing system 140 (S440). When receiving the device list and the public keys of the devices, the wired/wireless terminals 110 and 112 encrypt the domain keys of the registered devices by using respective public keys (S450), and transmit the encrypted domain keys to the external memory 100. The encrypted domain keys transmitted to the external memory 100 are stored in the domain key storing module 224 (S460).
The wired/wireless terminals 110 and 112 receive the contents from the contents server 142 of the DRM managing system 140. In this instance, the contents transmitted by the contents server 142 are encrypted by the CEK. Also, the wired/wireless terminals 110 and 112 receive an RO for decoding the encrypted contents from the authentication managing server 144 of the DRM managing system 140, transmit the received contents and the RO to the external memory 100, and store the same therein. In this instance, the contents transmitted to the external memory 100 are stored in the contents storing module 210, and the RO is stored in the RO storing module 222 (S470). Here, the receiving of the contents and the RO according to S470 can be performed simultaneously with S440.
Through the above-noted process, the wired/wireless terminals 110 and 112 transmit the encrypted contents and the decoding data on the encrypted contents to the external memory 100.
FIG. 5 shows a flowchart of a method for executing the contents stored in an external memory of a device according to an exemplary embodiment of the present invention.
According to the description with reference to FIG. 4, the external memory 100 storing the contents and the decoding data can be inserted into various devices.
When a request for using the stored contents is provided by the user to the device into which the external memory 100 is inserted (S510), the device 100 checks the public key of the device 100 (S520). When the public key is checked, the device 100 checks the device domain key storing module that corresponds to the domain key storing module 224 from the domain key storing module 224 of the external memory 100, and extracts the domain key stored in the checked device domain key storing module. The device 100 decodes the extracted domain key by using the public key checked in S520.
Here, it is desirable to use the asymmetric key encryption method in order to improve security when decoding the domain key by using the public key. Accordingly, the external memory 100 extracts the private key that corresponds to the public key, and decodes the domain key by using the extracted private key (S530).
The device calls an RO from the RO storing module 222. When the RO is called, the device extracts a CEK from the RO (S540) by using the domain key decoded through S530, and decodes the contents by using the extracted CEK. The decoded contents are reproduced by the corresponding device (S550).
Therefore, a single piece of contents stored in the external memory is reproducible by a plurality of devices.
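The provisioning flow of FIG. 4 and the playback flow of FIG. 5, as an added example that is not code from the patent. All function names and the slot-naming fingerprint are hypothetical; the primitives are constructed stand-ins (toy RSA-KEM over publicly known Mersenne primes, an HMAC-based stream cipher), and `provision` generates the domain key and CEK locally, whereas in the description they come from the DRM managing system 140.

```python
# Added illustration of the FIG. 4 / FIG. 5 key hierarchy. Constructed demo only:
# toy RSA-KEM over publicly known Mersenne primes and an HMAC-based stream cipher
# stand in for vetted primitives (e.g. RSA-OAEP and an AEAD); never use as-is.
import hashlib
import hmac
import secrets

E = 65537

def make_device(p, q):
    """Hypothetical device key pair; the public half is what gets registered (S410)."""
    n = p * q
    return {"pub": (n, E), "priv": (n, pow(E, -1, (p - 1) * (q - 1)))}

def device_id(pub):
    """Fingerprint naming the per-device slot in domain key storing module 224 (assumed)."""
    return hashlib.sha256(str(pub[0]).encode()).hexdigest()[:16]

def xor_stream(key, nonce, data):
    """XOR data with an HMAC-SHA256 keystream, one 32-byte block per counter value."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.digest(key, nonce + i.to_bytes(8, "big"), "sha256")
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt-then-MAC with separate subkeys; returns nonce || ciphertext || tag."""
    ek, mk = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    nonce = secrets.token_bytes(16)
    ct = xor_stream(ek, nonce, plaintext)
    return nonce + ct + hmac.digest(mk, nonce + ct, "sha256")

def unseal(key, blob):
    """Verify the tag before decrypting; a wrong key fails here instead of yielding junk."""
    ek, mk = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(mk, nonce + ct, "sha256")):
        raise ValueError("integrity check failed: wrong key or modified data")
    return xor_stream(ek, nonce, ct)

def kek_from(r, n):
    """Derive the key-encryption key from the RSA-KEM secret r."""
    return hashlib.sha256(r.to_bytes((n.bit_length() + 7) // 8, "big")).digest()

def wrap_domain_key(pub, domain_key):
    """S450: encrypt the domain key to one device's public key."""
    n, e = pub
    r = secrets.randbelow(n - 2) + 2
    return {"kem": pow(r, e, n), "wrapped": seal(kek_from(r, n), domain_key)}

def unwrap_domain_key(priv, entry):
    """S530: only the private key matching the slot's public key recovers the domain key."""
    n, d = priv
    return unseal(kek_from(pow(entry["kem"], d, n), n), entry["wrapped"])

def provision(device_pubs, content):
    """S440-S470: contents are encrypted once; only the domain key is wrapped per device."""
    domain_key, cek = secrets.token_bytes(32), secrets.token_bytes(32)
    return {
        "contents": seal(cek, content),          # contents storing module 210
        "ro": seal(domain_key, cek),             # RO storing module 222
        "domain_keys": {device_id(p): wrap_domain_key(p, domain_key)
                        for p in device_pubs},   # domain key storing module 224
    }

def play(device, memory):
    """S510-S550 on the device into which the external memory is inserted."""
    entry = memory["domain_keys"].get(device_id(device["pub"]))   # S520
    if entry is None:
        raise PermissionError("device is not in the registered device list")
    domain_key = unwrap_domain_key(device["priv"], entry)         # S530
    cek = unseal(domain_key, memory["ro"])                        # S540
    return unseal(cek, memory["contents"])                        # S550

if __name__ == "__main__":
    tv = make_device(2**521 - 1, 2**607 - 1)          # constructed demo keys
    phone = make_device(2**1279 - 1, 2**2203 - 1)
    card = provision([tv["pub"], phone["pub"]], b"constructed sample track")
    print(play(tv, card) == play(phone, card), len(card["domain_keys"]))
```

Copying a registered device's slot under another device's fingerprint does not help an unregistered device: its private key derives a different key-encryption key and `unseal` rejects the entry.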
The method for executing a single piece of contents stored in the external memory by a plurality of devices has been described, and it is also possible to share the contents stored in the external memory or a shared storage medium among members of a predetermined specific group. In this instance, a method for performing the encryption and decoding method by using a proper number allocated to each member may be used, rather than the method for performing the encryption and decoding method by using the public key. It is also possible to add a process of receiving a proper number from the user when performing the encryption and decoding method using the proper number allocated to the member.
Further, it is possible to set a validity time for the contents stored and shared by the external memory and a time for terminating the sharing of contents when the validity time expires.
While this invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
According to the exemplified embodiment of the present invention, a single piece of contents stored in the external memory is reproducible by a plurality of devices to thus solve the conventional problem in which a contents user must repeatedly pay in order to perform a single piece of contents in a plurality of devices.
Further, in order to perform the same contents in a plurality of devices, the same contents that are encrypted by respective encryption keys are stored in a plurality of external memories to thereby solve the existing problem of wasting the resources of the external memory and to efficiently use the external memory resources.

Claims

[CLAIMS]
[Claim 1]
A method for performing encrypted contents of an inserted external memory by a device, comprising:
(a) checking a public key of the device, the public key being a proper number allocated to the device;
(b) extracting a device domain key corresponding to the public key from at least one device domain key stored in the external memory, the device domain key being a contents identifier encrypted by the public key;
(c) decoding the device domain key extracted in (b) by using the public key; and
(d) decoding the contents stored in the external memory and performing the same by using the decoded device domain key.
[Claim 2]
The method of claim 1, wherein the (c) includes:
(c1) extracting a private key corresponding to the public key; and
(c2) decoding the device domain key extracted in (b) by using the private key.
[Claim 3]
The method of claim 1, wherein the (d) includes:
(d1) extracting a contents encryption key from a right object (RO) by using the decoded device domain key; and
(d2) decoding the encrypted contents and performing the same by using the extracted contents encryption key.
[Claim 4]
A method for transmitting encrypted contents from a wired/wireless terminal to an external memory, comprising:
(a) receiving a device list for performing the encrypted contents, and public keys for the respective devices included in the device list, the public keys being proper numbers allocated to the devices;
(b) encrypting a domain key used as a contents identifier by using the public keys to generate at least one device domain key; and
(c) transmitting the at least one device domain key to the external memory.
[Claim 5]
The method of claim 4, further comprising transmitting the encrypted contents and RO to the external memory, the RO including a contents encryption key for decoding the encrypted contents.
[Claim 6]
The method of claim 4, further including, before the (a), registering the device using the contents and a public key of the device.
[Claim 7]
In a system for supporting sharing of encrypted contents using an external memory, a contents sharing system comprising: a contents server for storing and managing the encrypted contents; an authentication managing server for managing a right object (RO) including a contents encryption key used for encrypting the contents; a device managing server managing a list of devices sharing the encrypted contents; and a public key managing server for authenticating the device, and managing a public key used for extracting the contents encryption key from the RO, the public key being a proper number allocated to each device.
[Claim 8]
The contents sharing system of claim 7, further including an input/output unit for editing and correcting device information and the public key stored in the device managing server and the public key managing server.
[Claim 9]
An external memory for providing encrypted contents to at least one of devices, comprising: a contents storing module for storing encrypted contents; a right object (RO) storing module for storing RO including a contents encryption key for decoding the encrypted contents; and a domain key storing module for storing at least one device domain key used for extracting the contents encryption key from the RO.
[Claim 10]
The external memory of claim 9, wherein the device domain key is encrypted by using a private key that corresponds to a public key that is a proper number of the device according to an asymmetric encryption method.
[Claim 11]
The external memory of claim 9, wherein the external memory includes the same number of domain key storing modules as the devices using the contents.
[Claim 12]
The external memory of claim 9, wherein the contents storing module, the RO storing module, and the domain key storing module are realized in the folder type with a directory structure.
EP08766514A 2007-06-28 2008-06-23 Method and system for sharing contents with removable storage Withdrawn EP2160690A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020070064151A KR20090002392A (en) 2007-06-28 2007-06-28 Method and system for sharing contents with removable storage
PCT/KR2008/003555 WO2009002059A2 (en) 2007-06-28 2008-06-23 Method and system for sharing contents with removable storage

Publications (1)

Publication Number Publication Date
EP2160690A2 true EP2160690A2 (en) 2010-03-10

Family

ID=40186154

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08766514A Withdrawn EP2160690A2 (en) 2007-06-28 2008-06-23 Method and system for sharing contents with removable storage

Country Status (5)

Country Link
US (2) US20100125736A1 (en)
EP (1) EP2160690A2 (en)
JP (1) JP4874423B2 (en)
KR (1) KR20090002392A (en)
WO (1) WO2009002059A2 (en)

Also Published As

Publication number Publication date
WO2009002059A3 (en) 2009-03-05
KR20090002392A (en) 2009-01-09
WO2009002059A2 (en) 2008-12-31
US20100125736A1 (en) 2010-05-20
JP2010531511A (en) 2010-09-24
JP4874423B2 (en) 2012-02-15
US20170116394A1 (en) 2017-04-27
WO2009002059A4 (en) 2009-04-23

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20091130

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20160105